Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/1JBbxjT9LW1M45TfUBltflWXjYo.roa
File:                     1JBbxjT9LW1M45TfUBltflWXjYo.roa (raw, json)
Hash identifier:          +kWM+UT9oOWnxVo332YivS+2g4/PD34pohQWp5gFo5E=
Subject key identifier:   D4:90:5B:C6:34:FD:2D:6D:4C:E3:94:DF:50:19:6D:7E:55:97:8D:8A
Certificate issuer:       /CN=49e14bf76f42da4f2ac003a6c69d61c2320e2cd8
Certificate serial:       01942444EE490962BA14FFD5F3746574676B
Authority key identifier: 49:E1:4B:F7:6F:42:DA:4F:2A:C0:03:A6:C6:9D:61:C2:32:0E:2C:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeFL929C2k8qwAOmxp1hwjIOLNg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/1JBbxjT9LW1M45TfUBltflWXjYo.roa
Signing time:             Wed 01 Jan 2025 23:48:04 +0000
ROA not before:           Wed 01 Jan 2025 23:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206150
IP address blocks:        217.114.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/SeFL929C2k8qwAOmxp1hwjIOLNg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/SeFL929C2k8qwAOmxp1hwjIOLNg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeFL929C2k8qwAOmxp1hwjIOLNg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:ee:49:09:62:ba:14:ff:d5:f3:74:65:74:67:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e14bf76f42da4f2ac003a6c69d61c2320e2cd8
        Validity
            Not Before: Jan  1 23:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d4905bc634fd2d6d4ce394df50196d7e55978d8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c5:40:15:b3:a5:37:ff:67:55:55:97:66:b4:
                    33:32:9e:26:f9:a6:5d:6d:80:2a:96:0b:96:06:60:
                    ca:08:29:84:2e:7b:94:a8:e2:80:ca:d8:97:da:c5:
                    0a:1c:4d:45:09:bf:bc:1c:07:bf:2e:e2:2c:94:b3:
                    b0:24:05:9c:c5:8e:16:ae:4e:4d:78:9e:d2:ac:65:
                    cd:59:67:cb:f3:14:fe:d3:4f:50:da:09:a4:cb:a5:
                    4a:24:6a:cd:25:3d:e4:8c:f4:fc:dc:14:17:7f:bc:
                    f3:7e:84:d2:e8:94:19:e5:1c:cb:86:90:4d:e5:b7:
                    69:5d:ec:a2:ea:06:9c:88:39:41:b9:5c:0b:e1:dc:
                    f8:81:e9:06:fb:48:6a:ab:5b:72:6a:19:b0:b0:20:
                    8a:92:b6:c2:c7:22:f3:e3:dc:ec:43:c5:ad:8e:99:
                    2b:e7:53:7e:2e:0d:ab:37:8e:86:14:4d:a2:da:2e:
                    9e:3f:55:e3:fb:f0:76:5b:75:fa:1f:1d:d9:ad:89:
                    dd:77:49:7a:d6:82:9b:0c:26:70:f0:50:eb:45:a5:
                    4c:e4:80:fe:0f:6d:f9:90:5a:d7:08:64:2b:fa:71:
                    0d:5e:77:2b:70:5b:85:3a:aa:48:33:6b:59:2a:a8:
                    33:95:75:a1:86:26:f5:2f:fc:59:dc:49:c4:23:ad:
                    00:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:90:5B:C6:34:FD:2D:6D:4C:E3:94:DF:50:19:6D:7E:55:97:8D:8A
            X509v3 Authority Key Identifier:
                keyid:49:E1:4B:F7:6F:42:DA:4F:2A:C0:03:A6:C6:9D:61:C2:32:0E:2C:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeFL929C2k8qwAOmxp1hwjIOLNg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/1JBbxjT9LW1M45TfUBltflWXjYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/SeFL929C2k8qwAOmxp1hwjIOLNg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.114.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:f6:26:69:05:fa:e7:a0:15:fb:43:08:bc:5d:d8:b8:e2:51:
         03:8b:a7:65:20:98:da:30:b4:78:f8:12:eb:04:4c:4f:df:b1:
         9c:77:01:fb:ca:e1:94:cf:32:ec:6b:d6:b3:06:ff:e0:bc:6e:
         5a:12:9d:d2:3b:2e:45:44:10:c8:4a:b9:9c:e6:a8:e2:ff:07:
         f7:9e:60:39:5f:b6:3b:b0:e5:ae:0e:c9:e7:b1:c1:4c:e7:66:
         77:ff:5c:82:35:7e:5f:6a:05:e7:5b:52:1c:04:60:18:01:44:
         03:8c:83:f4:22:5d:36:70:ee:5c:df:40:e1:5d:5e:83:b6:b5:
         5b:4e:9d:ca:bb:d8:04:94:dd:14:c4:59:ef:a0:5e:5a:2a:3d:
         3c:a9:ee:92:b8:2b:22:b8:aa:e7:7f:d6:00:c7:da:8e:ed:68:
         2e:65:13:82:d4:53:b0:3e:46:42:d5:41:9b:8d:2c:c9:9b:64:
         c6:52:ce:2a:a7:64:aa:c3:6f:18:22:04:ec:ff:33:f6:8a:f0:
         41:a7:c1:64:21:63:c7:d3:36:cb:54:f6:97:cc:48:69:91:c0:
         a9:64:67:de:77:ad:1a:af:44:3f:31:cd:66:79:da:92:65:83:
         bb:41:2e:f1:27:c1:7b:7d:00:f3:85:e5:e2:9f:5a:f0:1c:a6:
         ef:56:7e:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRO5JCWK6FP/V83RldGdrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTE0YmY3NmY0MmRhNGYyYWMwMDNhNmM2OWQ2MWMyMzIw
ZTJjZDgwHhcNMjUwMTAxMjM0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDkwNWJjNjM0ZmQyZDZkNGNlMzk0ZGY1MDE5NmQ3ZTU1OTc4ZDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsVAFbOlN/9nVVWXZrQzMp4m+aZd
bYAqlguWBmDKCCmELnuUqOKAytiX2sUKHE1FCb+8HAe/LuIslLOwJAWcxY4Wrk5N
eJ7SrGXNWWfL8xT+009Q2gmky6VKJGrNJT3kjPT83BQXf7zzfoTS6JQZ5RzLhpBN
5bdpXeyi6gaciDlBuVwL4dz4gekG+0hqq1tyahmwsCCKkrbCxyLz49zsQ8Wtjpkr
51N+Lg2rN46GFE2i2i6eP1Xj+/B2W3X6Hx3ZrYndd0l61oKbDCZw8FDrRaVM5ID+
D235kFrXCGQr+nENXncrcFuFOqpIM2tZKqgzlXWhhib1L/xZ3EnEI60A+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNSQW8Y0/S1tTOOU31AZbX5Vl42KMB8GA1UdIwQY
MBaAFEnhS/dvQtpPKsADpsadYcIyDizYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VGTDkyOUMyazhxd0FPbXhwMWh3aklPTE5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC81NjE2N2YtNTMyNy00Yzg4LWI0ZWEt
M2JlY2NhYWUzMzZkLzEvMUpCYnhqVDlMVzFNNDVUZlVCbHRmbFdYallvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC81NjE2N2YtNTMyNy00Yzg4LWI0ZWEtM2JlY2NhYWUzMzZk
LzEvU2VGTDkyOUMyazhxd0FPbXhwMWh3aklPTE5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2XInMA0G
CSqGSIb3DQEBCwUAA4IBAQBT9iZpBfrnoBX7Qwi8Xdi44lEDi6dlIJjaMLR4+BLr
BExP37GcdwH7yuGUzzLsa9azBv/gvG5aEp3SOy5FRBDISrmc5qji/wf3nmA5X7Y7
sOWuDsnnscFM52Z3/1yCNX5fagXnW1IcBGAYAUQDjIP0Il02cO5c30DhXV6DtrVb
Tp3Ku9gElN0UxFnvoF5aKj08qe6SuCsiuKrnf9YAx9qO7WguZROC1FOwPkZC1UGb
jSzJm2TGUs4qp2Sqw28YIgTs/zP2ivBBp8FkIWPH0zbLVPaXzEhpkcCpZGfed60a
r0Q/Mc1medqSZYO7QS7xJ8F7fQDzheXin1rwHKbvVn6g
-----END CERTIFICATE-----